3Com Baseline Switch 2848-SFP Crafted DHCP Packet Remote DoS

2006-04-25T12:17:38
ID OSVDB:24942
Type osvdb
Reporter OSVDB
Modified 2006-04-25T12:17:38

Description

Vulnerability Description

3Com Baseline Switch 2848-SFP contains a flaw that may allow a remote denial of service. The issue is triggered when the switch receives a DHCP packet that exceeds 342 bytes in length, and will result in loss of availability for the platform.

Solution Description

Upgrade to version 1.0.2.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

3Com Baseline Switch 2848-SFP contains a flaw that may allow a remote denial of service. The issue is triggered when the switch receives a DHCP packet that exceeds 342 bytes in length, and will result in loss of availability for the platform.

References:

Vendor Specific News/Changelog Entry: http://support.3com.com/infodeli/tools/switches/baseline/3C16486_V1_0_2_0_readme.pdf Security Tracker: 1015997 Secunia Advisory ID:19756 ISS X-Force ID: 26076 FrSIRT Advisory: ADV-2006-1510 CVE-2006-2054 Bugtraq ID: 17686